Security 10809 Published by

Microsoft has released a patch that eliminates a security
vulnerability in the Microsoft(r) virtual machine (Microsoft VM)
that originally was discussed in Microsoft Security Bulletin
MS00-011. Like the original vulnerability, the new variant could
enable a malicious web site operator to read files from the computer
of a person who visited his site or read web content from inside an
intranet if the malicious site was visited by a computer from within
that intranet.

Frequently asked questions regarding this vulnerability and the
patch can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-081.asp

Affected Software Versions
==========================
Versions of the Microsoft VM are identified by build numbers, which
can be determined using the JVIEW tool, as discussed in the FAQ. The
following builds of the Microsoft VM are affected:
- All builds in the 2000 series.
- All builds in the 3000 series.

Note: The Microsoft VM ships as part of several products. However,
the primary ship vehicle is Internet Explorer.

Patch Availability
==================
New versions of the Microsoft VM that include a fix for the
vulnerability can be downloaded from the following locations:
- 2000-series builds:
A patch specifically for the 2000-series builds will be available
shortly. Customers who wish to eliminate the vulnerability can
also do so by upgrading to build 3319 at
http://www.microsoft.com/java/vm/dl_vm40.htm
- 3000-series:
Upgrade to build 3319 or later at
http://www.microsoft.com/java/vm/dl_vm40.htm.